(19) 



J 



Europaisches Patentamt 
European Patent Office 
Office europeen des brevets 



I 



(12) 



(43) Date of publication: 

02.01.2002 Bulletin 2002/01 

(21) Application number: 00410066.5 

(22) Date of filing: 19.06.2000 



(ID EP1 168 711 A1 

EUROPEAN PATENT APPLICATION 

(51) mt ci 7: H04L 12/24, H04L 12/56 



(84) Designated Contracting States: 


(72) Inventor: Bruno, Richard 


AT BE CH CY DE DK ES Fl FR GB GR IE IT LI LU 


38920 Crolles (FR) 


MC NL PT SE 




Designated Extension States: 


(74) Representative: Lloyd, Richard Graham 


AL LT LV WIK RO SI 


Intellectual Property Section, Legal Department, 
HEWLETT-PACKARD FRANCE, Etablissement 


(71 ) Applicant: Hewlett-Packard Company, A Delaware 


de Grenoble 


Corporation 


38053 Grenoble Cedex 9 (FR) 


Palo Alto, CA 94304 (US) 





(54) Process for controlling devices of an intranet network through the web 



(57) Process for control and management of an In- 
tranet network by means of a Web browser, comprising 
the steps of: 

discovering the devices of an Intranet network, in- 
cluding the different subnets; 
extracting data representative of those devices for 
the purpose of compiling a file which is transmitted 
through a HTTP protocol to a Web server associat- 
ed to a database; 

deploying a Internet Control Agent in the devices 



contained within said Intranet, said agent being 
controllable from the said Web server by a set of 
commands being exchanged with the HTTP or HT- 
TPS protocol; 

regularly transmitting set of instructions to said 
agents for the purpose of controlling tasks to be per- 
formed within the network. 

Preferably, the set of instructions is used for con- 
trolling a remote installation of a software package with- 
in the devices in accordance with selections made by 
the IT administrator. 
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Description 

Technical field of the invention 

[0001] The invention relates to telecommunications 
and more particularly to a process for controlling devices 
of an Intranet network via a server communicating 
through the Web. 

Background art 

[0002] The development of computers and telecom- 
munications, and particularly the Internet, increases the 
complexity of the tasks for the network manager, also 
known as the Information Technology Administrator, 
who has to manage the networks and network nodes, 
and particularly to ensure that the devices forming the 
Intranet of a company or a private organisation fully fit 
the requirements of the users. This particularly covers 
the management of the different elements of the net- 
work, including the nodes, the computers, the printers, 
the switches, the hubs and the modems. The IT man- 
ager has to ensure that the different elements which 
compose a network fully operate in a satisfactory fash- 
ion, but also that each machine is loaded with the ap- 
propriate Operating System, and also with the adequate 
software applications. 

[0003] Different tools are known for facilitating the 
management of devices, printers, routers, switches and 
computers composing an Intranet network. HP Open- 
View ™ manufactured by Hewlett Packard Inc., IBM Tl- 
VOLI ™ manufactured by IBM Corp. , CS Unicenter 
TNG etc... HP TopTools ™ is another tool for facilitating 
the network devices or network nodes management. 
[0004] Among many different installation and mainte- 
nance operations, the IT Administrator has to support 
the PC cleanup and defragmentation of the different 
hard disk of the computers, the loading of the appropri- 
ate software packages and particularly the update of the 
antivirus tools, the backup of the files, the software 
update , the resources monitoring and the e-mail notifi- 
cations. 

[0005] Although some tools have been designed to fa- 
cilitate the tasks of the IT administrator, basically, by us- 
ing specific agents on the different devices, it still ap- 
pears that the handling and the management of an In- 
tranet requires a highly qualified professional, which has 
to remain within the vicinity of the Intranet network. 
[0006] There is a wish for enabling the control, the 
maintenance, the update of the devices within an Intran- 
et by a Web server which is located elsewhere, outside 
the Intranet, what is generally hindered or made difficult 
by the presence of the proxy and the firewall. 
[0007] The arrangement of a Firewall mechanism for 
the purpose of supervising the ports of communication 
with the Internet network is an obstacle to such external 
control. 

[0008] The technical problem to be solved by the 



present invention is to design a process which allows 
the handling of a Intranet network, including the different 
subnets composing that network, by an external central- 
ized Web server for the purpose of constituting a Web 

5 portal dedicated to the control, the inventory and the 
maintenance of an Intranet network. 
[0009] Another technical problem is to facilitate the 
control of an I ntranet network by an external Web brows- 
er, without requiring changes to be brought to the exist- 

10 jng proxy and firewall arrangement and without requiring 
installation of specific administration tools. 

Summary of the invention 

'5 [0010] It is an object of the present invention to control 
an Intranet network by means of an external Web server 
operating as a portal dedicated for management, inven- 
tory, and maintenance of the Intranet. 
[0011] It is a further object of the present invention to 

20 collect via an external Web server a comprehensive de- 
scription of the architecture of an Intranet network for 
the purpose of asset management. 
[0012] It is another object of the present invention to 
provide a comprehensive control of the devices com- 

25 posing an Intranet network by an external Web server. 
[0013] These and another objects are achieved by 
means of the present invention which is defined in the 
independent claims. Basically, there is provided a proc- 
ess for controlling an Intranet network by a Web server 

30 which involves the step of: 

- discovering the devices of an Intranet network, in- 
cluding the different subnets; 



35 - 



40 - 



extracting data representative of those devices for 
the purpose of compiling a file which is transmitted 
through the HTTP protocol to a Web server associ- 
ated to a database; 

deploying a Internet Control Agent in the devices 
contained within said Intranet, said agent being 
controllable by a set of commands being exchanged 
with the HTTP or HTTPS protocol; 

regularly transmitting set of instructions to said 
agents for the purpose of controlling tasks to be per- 
formed within the network. 



[0014] In one embodiment, the set of instructions is 
50 used for the purpose of controlling a remote installation 
of a software package within the devices in accordance 
with selections made by the IT administrator. 
[0015] In another embodiment of the invention, there 
is controlled the installation of an executable file causing 
55 the gathering of technical data within the system by 
means of an analysis of BIOS characteristics and the 
registry. There is therefore provided a wide and compre- 
hensive inventory of the devices connected to the net- 
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work. 

[001 6] A set of specific commands has been designed 
for achieving the control of the Internet Control Agent by 
the Web server. Those includes an EXECUTE com- 
mand for the purpose of executing a particular execut- 
able file located in a share resource or on a local hard 
disk, with a first parameter defining the maximum time 
allowed to the execution and a second parameter which 
defines the file where a report of the execution has to 
be created and transmitted to the Web server. A DOWN- 
LOAD command is used for controlling the download of 
files with the appropriate Uniform Resource Locator 
(URL). A SLEEP command is used for scheduling the 
next execution of the Internet Control Agent for the pur- 
pose of the execution of a new set of commands or in- 
structions. 

[0017] In one embodiment, the discovery of the differ- 
ent devices of the Intranet uses a mechanism based on 
the current IP address, the subnet mask being associ- 
ated to the address of the router of the considered sub- 
net. All the active nodes which are comprised within a 
considered submask are successively discovered by 
means of a PING. When a node appears to be detected, 
a Simple Network Management Protocol (SNMP) re- 
quest is then used for accessing to information relevant 
to that device and determining the type of the machine. 
In the case of a router, a further SNMP request permits 
to discover the interfaces and thus, the possible exist- 
ence of additional subnets, with the subnet masks. Each 
discovered subnet is subject of the same iterative mech- 
anism and the different nodes composing the Intranet 
network are progressively disclosed and reported. 

Description of the drawings 

[001 8] An embodiment of the invention will now be de- 
scribed, by way of example only, with reference to the 
accompanying drawings, wherein: 

Figure 1 illustrates the general architecture of an In- 
tranet network which communicates with a central- 
ised Web server. 

Figure 2 illustrates the assignment of the IP ad- 
dresses to the architecture shown in figure 1 . 

Figure 3 is a flow chart illustrating the installation of 
the Internet Control Agent within the different devic- 
es, under control of Web server 1 . 

Figure 4 is a flow chart of the control process exe- 
cuted by the Internet Control Agents. 

Description of the preferred embodiment of the 
invention 

[0019] With respect to the figure 1 there is illustrated 
the control of an Intranet network which communicates 



via a Proxy 5 and a firewall arrangement 4 to the Web 
3. As an example, the Intranet network may comprise 
two subnets 15 and 1 6 communicating via a router de- 
vice 9. Subnet 15 includes IT administrative console 6, 
5 a computer client 7, a printer 8 and a server 10. Subnet 
1 6 includes a computer client 11 , a printer 1 2, a server 
13, and optionally, a server appliance 1 7 which purpose 
is to communicate with a server 1 . As will be shown be- 
low with details, a server 1 is associated to a database 
10 2 and is used for controlling, for the maintenance and 
inventory of the Intranet network. 
[0020] A Firewall 4 is used for separating the Intranet 
network from the Web. As known by the skilled man a 
firewall arrangement is used for filtering the communi- 
cation exchanged between the network devices that are 
connected outside the Intranet and those included with- 
in the Intranet. Such a firewall is generally based on one 
proxy element, similar to proxy 5 which is represented 
on the figure 1 , and two different routers (not shown). A 
first router is generally dedicated to the interface with 
the Web while a second router handles the frames which 
are exchanged with the devices inside the Intranet. Any 
direct exchange of frames between the Intranet and the 
Web is avoided and all devices communicate through 
the proxy, thus substantially securing the internal organ- 
isation of the Intranet. 

[0021] It will be described now how the external Web 
server 1 can take the control of the devices composing 
the Intranet for the purpose of management, inventory 
and maintenance of the different components of the net- 
work. 

[0022] The process involves a registration procedure 
by the IT administrator to the external Web server 1 , in 
step 31. To achieve this, the IT administrative uses a 
HTTP standard request to the server 1 by using the con- 
ventional browser existing in the console or computer 7, 
such as, for instance, Internet Explorer™ 4 or 5 (man- 
ufactured by Microsoft Corp.) or Netscape Navigator™ 
(manufactured by Netscape Communications Corp.). 
The communication can be secured by the user of the 
HTTPS (RFC 2660) protocol for securing the communi- 
cation between the IT administrator and the Web server 
1 . During the registration procedure, the IT administrator 
is assigned a registration number, with a logging ac- 
count and a password. 

[0023] The registration procedure is followed by the 
transmission to the IT administrative console, in step 32, 
of an installation package of a Internet Control Agent. In 
the preferred embodiment, the package is designed for 
a setup procedure for Windows ™ 9x or Windows ™ NT 
type machines, and comprises reference to the newly 
registered account. More particularly, the package is a 
signed executable file which supports automatic extrac- 
tion and installation, as well as unattended setup. In one 
embodiment, the Internet Control Agent maybe directly 
received as an attachment of an electronic mail. For 
Windows ™ 9x type machines, a login script may also 
be used. 
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[0024] As will be shown below, the Internet Control 
Agent, once installed in console 6 of IT administrator, 
exchanges control information with the server 1 through 
the HTTP protocol, and particularly the GET and POST 
requests. The particular format of the HTTP GET re- 
quest is defined in the well-known rules laid down in the 
Request For Commands (RFC) 2.6.1 .6, which are avail- 
able at the following address http://www.w3.org/proto- 
cols. Since those rules are well known to the skilled man, 
they will not be elaborated further on. Use of the secure 
version of HTTP, HTTPS (RFC 2660) is an extension, 
which enables the protection of the users privacy by en- 
crypting the profile information in transit. 
[0025] Internet Control Agent receives the HTTP ref- 
erences of proxy 5, for instance, under the form of http: 
//proxy.company.com:8080. In one particular embodk 
ment, that reference can be automatically incorporated 
by server 1 into the installation package transmitted In 
step 32. This can be achieved by constructing, during 
the registration procedure of step 31 , a Web page con- 
taining a Hyperlink to a proxy detection script. By ac- 
cessing the internal parameters of the registry of the IT 
Administrator console 6, the settings of the proxy are 
discovered, and can them be posted back to server 1 
via an HTTPS POST request. The use of such a script 
is well known to the skilled man and will not be further 
developed. 

[0026] The auto -discovery process can then be initi- 
ated in step 33 for the purpose of gathering a compre- 
hensive description of the Intranet architecture and the 
different devices composing the network. Two different 
embodiments may be used for this purpose. 
[0027] In a first embodiment, a Server Appliance 17 
is attached to the Intranet network, and includes means 
for carrying out the discovery process and collecting the 
information being gathered for the purpose of generat- 
ing a report file. Such a discovery facility which may be 
used within the Intranet is known to the skilled man. An 
example of such a tool is TopTools™, which is manufac- 
tured by the Applicant of the present application. Once 
the information has been gathered on the Intranet, a text 
or extended Markup Language (XML) file is transmitted 
via a HTTPS post to the server 1 . For that purpose, the 
Server Appliance 17 particularly includes the account 
registration number assigned by server 1 to the IT ad- 
ministrator as well as the accurate settings of the proxy. 
[0028] In a second embodiment, the server 1 pre- 
pares a Web page containing a hyperlink referring to a 
script which is executed on the IT administrator console 
6. The network discovery script is then automatically ex- 
ecuted and the auto-discovery mechanism is launched. 
[0029] The auto-discovery mechanism is based on 
the current IP address, the subnet mask being associ- 
ated to the address of the router of the considered sub- 
net, e.g. subnet 1 5 or subnet 1 6. In this way, all the active 
nodes which are comprised within a considered subnet 
are successively discovered by means of a PING re- 
quest. When a node appears to be detected, a Simple 



Network Management Protocol (SNMP) request is then 
used for accessing to information relevant to that device 
and determining the type of the device. In the case of a 
router, a further SNMP request permits to discover the 
5 interfaces and thus, the possible existence of additional 
subnets. Each discovered subnet can be subject of the 
same iterative mechanism and the different nodes com- 
posing the Intranet network are progressively disclosed 
and reported. 

w [0030] The auto-discovery process thus permits the 
elaboration of a comprehensive description of the topol- 
ogy of the intranet, including the different subnets and 
the IP addresses of the different devices. In the partic- 
ular case of the architecture which is shown in figure 2, 

15 the auto-discovery process produces a table comprising 
the different elements of the network, with the following 
information: 



Subnet 15: 


Computer (6) 


| 128.1.1.1 


Computer (7) 


128.1.1.2 


Printer (8) 


128.1.1.3 


Router (9) 


j 128.1.1.4 


Server (10) 


: 128.1.1.5 



Subnet 16: 


Computer (11) 


128.1.3.1. 


Printer (12) 


128.1.3.2. 


Server (13) 


128.1.3.4 


Server appliance 


128.1.3.5. 



[0031] Such a table may be compiled within a text or 
XML file and transmitted to server 1 via a HTTPS POST, 
for the purpose of a final storage within the database 2. 
[0032] In one embodiment, the auto-discovery mech- 
anism is regularly executed, either by Server Appliance 
17 or by the script mechanism within console 7, so as 
to ensure that the description of any device is progres- 
sively incorporated within the database 2. 
[0033] When the topology of the Intranet network, in- 
cluding the subnets and the I P addresses of the devices, 
has been collected and included within a report file, e. 
g. a text or XML file, the latter is being transmitted in 
step 34 to the server 1 via a HTTPS POST request. Such 
a request may easily be conveyed throughout the fire- 
wall mechanism without requiring any change to the lat- 
ter, as the HTTP and HTTPS outbound connections are 
usually left open in a firewall. The precise information 
relevant to the topology of the Intranet network can then 
be stored within the database 2 which is associated to 
Web server 1 . 

[0034] In step 35, the external server 1 produces a 
Web page which is displayed within the browser of the 
IT administrator for the purpose of controlling the distri- 
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bution of the Internet Control Agent within the different 
Intranet devices. Practically a Web page is elaborated 
within the server 1 which summarises the different de- 
vices which were discovered by the server 1 , and for 
which the IT Administrator may decide, or not, to include 
within the broadcast and diffusion of the Internet Control 
Agents. In one embodiment, the Web server may use a 
Graphical User Interface (G.U.I) on console 6 for the 
purpose of providing a wide and comprehensive de- 
scription of the topology of the network, of the different 
PC clients comprised within the network. When the 
Graphical User Interface is being started, the IT admin- 
istrator is being prompted to select the particular devices 
within the Intranet which will be managed by the external 
server 1 . 

[0035] Further to the selection of the particular devic- 
es which will be covered by the control process of ex- 
ternal Web server 1 , the downloading and the Installa- 
tion of the Internet Control Agent is launched within the 
selected devices of the Intranet. In the embodiment 
based on Server Appliance 7, the installation file of the 
Internet Control Agents may be advantageously loaded 
within that Appliance 7 so as to reduce the data ex- 
changed with the Web. 

[0036] The installation of the Internet Control Agent 
can then be executed in step 35 in the appropriate de- 
vices, in accordance with the selection made by the IT 
administrator, and registered within database 2. It 
should be noticed that the latter may vary in accordance 
with the type of the machine being considered but, gen- 
erally, all devices may receive a communication agent, 
and particularly the printers. 

[0037] The following description will be more particu- 
larly elaborated for the case of the computers and serv- 
ers. Clearly there is provided an extensive control pos- 
sibilities to the computers attached to the Intranet net- 
work. 

[0038] Different modes of operation may be used for 
achieving the installation of the Internet Control Agent 
in the devices. 

[0039] In one embodiment, the installation package of 
the Agent can be enclosed within one electronic mail 
and transmitted to the different users. 
[0040] In a second embodiment the installation may 
be achieved by means of a login script, i.e. an executa- 
ble file which is executed as soon as the user of the de- 
vices is login on. That login script is elaborated by the 
server 1 by means of the information stored within da- 
tabase 2 . The login script is embedded into a Web page 
constructed by server 1 , and which the IT administrator 
may access from his console 6. He may then installs 
that login script on the Primary Domain Controller (PDC) 
of the network so that the latter is automatically execut- 
ed when the users are login in. 

[0041 ] It will be more particularly described a third em- 
bodiment which may take a great advantage of the NT 
Service Control Manager existing in the NT type ma- 
chines. The NT SCM is deviated from the usual use for 



the purpose of providing an automatic execution and in- 
stallation of any executable file located in a shared re- 
source. The installation package file of the Internet Con- 
trol Agent installation package includes all the files 

5 which are normally required for a local setup procedure, 
as well as the executable file - the setup.exe - which 
causes the launching of the installation procedure. That 
file has to support the unattended mode : which is that 
generally involved when the user types the "-s" switch 

10 on the command line (unattended setup). 

[0042] In addition to those files, the installation pack- 
age of the Agent includes an additional description file, 
hereinafter referred to as package.ini file. Package.ini 
file may take the form of a text file and contains the de- 

'5 scription of the installation files which are involved in the 
setup procedure. It particularly includes the precise list 
of the installation files required for a local setup proce- 
dure, plus an additional line carrying the command 
which is required for starting the local setup procedure. 

20 [0043] The selection of one device by the IT adminis- 
trator in step 35, there is Web server in a Web page cre- 
ated by server 1 . causes the downloading in step 36 of 
the corresponding installation package, as well as a par- 
ticular - so-called pusher.exe executable file in console 

25 6, which is then executed. 

[0044] As shown in figure 4, the process which is ex- 
ecuted by pusher.exe executable file causes, in step 41 , 
the installation of a new NT service on one client, for 
instance computer 11 , hereinafter referred to as push- 

30 service.exe. This is achieved by means of the use of the 
NT Service Control Manager (SCM) of computer 11, 
thanks to the administrative rights given to IT adminis- 
trator on that particular machine. As known by the skilled 
man, Microsoft NT ™ and Microsoft 2000 ™ supports 

35 an application type known as a service which takes the 
form of a .exe or .dll, for instance. A service application 
conforms to the interface rules of the SCM. It can be 
started automatically at system boot, or by a user 
through the Service Control panel applet, or by an ap- 

40 plication which uses the service functions included in the 
Microsoft ™ WIN32 ™ Application Programming Inter- 
face (API). The process which is described below takes 
advantage of the NT service which is generally used for 
localities, drivers, anti-virus programs, Internet Protocol 

^5 and TCP/IP drivers, and hard disk drive compression 
mechanisms. The process which is described herein af- 
ter however deviates the normal use of the standard NT 
service for the purpose of executing a remote executa- 
ble file located within a shared resources on the Intranet, 

50 for instance Server Appliance 1 7, but which can also be 
downloaded from the Web. Once it has been registered 
and installed as a service, the executable file can be 
started on a computer without being present on the hard 
disk drive of the latter. It should be noticed that the par- 

55 ticular executable file - herein referred to as the push- 
service.exe - is compiled in accordance with the pre- 
scriptions applying to the services, and which are de- 
fined in the Microsoft specifications. Particularly, the en- 
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try point of that executable file is not referring to WIN- 
MAIN as for the usual standard executable files, but re- 
fers to a service entry which WINDOWS NT decodes as 
such. 

[0045] Once registered by the NT Service Control 
Manager, the NT service receives the following refer- 
ence: 

\\server\share\pushservice.exe 

[0046] A reference to the package software of the In- 
ternet Control Agent which is located within a shared 
resources, is used as an option of the command line, e. 

g. 

\\server\share\package.ini 

[0047] When it Is installed, the new NT service Is start- 
ed by the IT administrator controlling the Web page dis- 
played by server 1, in step 42. The starting of the NT 
service complies with the usual NT Service Control 
Manager procedures. That causes the instantiation of 
the service into the memory of the computer client and 
starts its execution. The new NT service becomes avail- 
able and is automatically executed within that computer, 
what results in the identification of the software package 
which is to be installed, ie the Internet Control Agent. 
This is achieved by means of the extraction of the par- 
ticular command line which has been associated to the 
new service by the NT Service Control Manager, as ex- 
plained above. The process particularly uses the option 
of the command line defined above, and which contains 
a reference to the package.ini description file. The open- 
ing of the package.ini description file causes the identi- 
fication of the different files which are to be installed on 
computer 1 1 , and thus their downloading on a predeter- 
mined directory on the hard disk drive of the latter, as 
illustrated in step 43. As known by the skilled man this 
can be achieved by means of a path relative to the push- 
service. exe path. 

[0048] When all the installation files have been copied 
onto the hard disk drive of computer 11 , the process ex- 
ecuted by pushservice.exe causes the execution of the 
command which is defined at the last line of the pack- 
age.ini description fife, in step 44, and finally launches 
the unattended setup procedure of the particular appli- 
cation which is concerned. At the completion of the NT 
service, the latter uninstalls itself in step 45 and stops 
in accordance with the normal NT service rules. 
[0049] Whatever the particular mechanism which is 
used for deploying the Internet Control Agent within the 
different devices, it will now be described how the com- 
plete control of the Intranet can be achieved by external 
server 1 , even when the Intranet is secured by a firewall 
mechanism. 

[0050] The control process will be particularly de- 
scribed in reference to figure 5. 
[0051 ] Once installed, the Agent initiates a connection 



in step 51 to the Web server via the HTTPS protocol. It 
issues a POST request, with the Customer Identifier as- 
signed by the Web server 1 during step 31 , and the sys- 
tem name. 

5 [0052] Then, in step 52, the Agent receives and stores 
the Node Identifier (NID) which is assigned by Webserv- 
er 1 . The NID is unique and will be used for identifying 
each device and securing the control process. 
[0053] Once the NID has been assigned, the agent 
io can then receive a set of specific instructions in step 53 
which is decoded and used for controlling the particular 
management, maintenance and update of the consid- 
ered network devices. In one embodiment, the set of in- 
structions is embedded within a TEXT file or a XML file, 
is and includes the following commands: 

[0054] The set of instructions, once received, can be 
executed in step 54 by the Internet Control Agent for the 
purpose of a wide variety of different management 
tasks. Indeed, a specific set of commands has been de- 
20 signed for that control of the network through the exter- 
nal Web server 1 . These particularly include the follow- 
ing commands useful for computers and servers. 
[0055] A DOWNLOAD command is used for control- 
ling Agent in order to download files connected in shared 
25 resources on the network. 

[0056] An EXECUTE command is used for the pur- 
pose of executing an NT command line, ie an executa- 
ble local file or existing in a share resource. Two param- 
eters are associated to that command. A first one cor- 
30 responds to a maximum time for execution and watch- 
dog mechanism for the purpose of preventing an infinite 
wait in the case of an error condition occurrence. A sec- 
ond parameter is used for defining the name of a report 
file which the Agent post back to server 1 via a HTTPS 
35 request. In one embodiment, the report file takes the 
form of a TXT file or a XML file. 
[0057] A SLEEP command is used forscheduling the 
next execution of the Internet Control Agent for the pur- 
pose of the execution of a new set of commands or in- 
structions. 

[0058] An AUTO-UPDATE command is used for con- 
trolling the update of the kernel of the Internet Control 
Agent installed within the considered device. For this 
purpose, a temporary service is being launched in NT 

45 type machines, which receives, as an option, the name 
of the file which is to be installed, the name of the pre- 
vious which is to be uninstalled, and the name of the 
process which is to be stopped. Such a result may also 
been obtained with the use of a Dynamic Link Library 

50 (DLL) file in Windows™ 9x machines. 

[0059] An UNINSTALL command is used for control- 
ling the un installation of the Agent within the considered 
device. 

[0060] By using the set of commands described, there 
55 is provided an effective way for controlling independent- 
ly the different devices which are connected to the In- 
tranet network. By taking advantage of the HTTP or HT- 
TPS protocol which is well accepted through the proxy 
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and the firewall mechanisms, there is permitted to take 
the control of the Intranet network and remotely manag- 
es its different devices. 

[0061] Should the Web service, in accordance with 
the information loaded within database 2 ; controls the 
installation of a specific software package within device 
7 for instance, the Web server transmits the following 
set of commands to that device. 

1 . download http://portal.hp.com/_user.cab A_user. 
cab 

2. download http://portal.hp.com/_isdel.exe . 
\_isdel.exe 

3. download http://portal.hp.com/setup.exe Asetup. 
exe 

4. execute .\setup.exe -s 

[0062] It will now be explained how the process can 
be used in combination with a software executable 
which is dedicated to the gathering of important techni- 
cal information about the hardware and the software of 
a considered machine. To achieve this, Internet Control 
Agent controls the downloading and the installation of a 
specific executable file - a so called sysinfo.exe execut- 
able file - for the purpose of collecting data representa- 
tive of the hardware of the device. That particular file, 
once loaded, accesses the internal technical parame- 
ters which are loaded into the BIOS layer. Once in- 
stalled, the sysinfo.exe executable file extracts system 
information directly from the SMBIOS tables, or interro- 
gates the Desktop Management Interface (DMI), orWin- 
dows Management Interface (WMI) as known from Mi- 
crosoft. As known by the skilled man, the DMI and WMI 
interfaces are Application Programming Interfaces 
(API) that consists of a set of routines that are called for 
accessing the information relevant to the host machine. 
Basic information relating to the DMI programming in- 
terface can be found at the address http://www.dmtf. 
org/. 

[0063] By using the DMI or WMI interfaces, or by ac- 
cessing directly the SMBIOS level, the sysinfo.exe exe- 
cutable file accesses the different tables contained in 
the System Management BIOS (SMBIOS) for the pur- 
pose of reporting comprehensive information regarding 
the user's configuration, and required for completing a 
request for transaction. Such information includes the 
system manufacturer, model, version and serial 
number, the type and speed of processors, the type of 
chipset, the number, manufacturer and size of hard disk 
drives, the particular graphic card being used, the mem- 
ory size and speed, the serial number of the display, the 
reference of the operating system and so on. 
[0064] Once the different relevant parameters are 
gathered from the DMI or WMI interface, the Internet 
Control Agent compiles the comprehensive information 
which has been gathered into a report file, which report 
is transmitted through external server 1 and stored with- 
in database 2 for the purpose of enhancing the control 



over the different devices. In the preferred embodiment, 
the local agent issues a request for transaction which 
may be embedded into a HTTP POST request which is 
recognised at every level, and particularly by every 
5 Proxy. 

[0065] While the auto-discovery mechanism permits 
the comprehensive description of the Intranet, for the 
purpose of storing the corresponding information within 
database 2, the IT administrator still keeps the possibil- 
10 ity to manually register computers which are outside the 
firewall and which can not be normally discovered by 
the mechanism described above. This is the case of 
portable computers which may be registered independ- 
ently. However, it is clear that, once registered, the port- 
's able computer may be fitted with the Internet Control 
Agent which may communicate with server 1 and re- 
ceives the sets of instructions as for the other devices 
within the Intranet. The portables computers therefore 
receive the possibility of an automatic maintenance and 
20 update capabilities. 



Claims 

25 1. Process for controlling an Intranet network by 
means of a Web server, characterized in that it in- 
volves the steps of: 

discovering the devices of an Intranet network, 
30 including the different subnets; 

extracting data representative of those devices 
for the purpose of compiling a file which is 
transmitted through a HTTP protocol to said 
35 Web server; 

• deploying a set of Internet Control Agents in the 
devices contained within said Intranet, said 
agent being controllable by a set of commands 
4 o which are exchanged by means of the HTTP or 

HTTPS protocol; 

thereby allowing the control of the Intranet by the 
Web server. 

45 

2. Process according to claim 1 characterised In that 
each Internet Control Agents regularly transmits a 
HTTP or HTTPS request to said server for the pur- 
pose of requesting a new set of instructions to be 

so executed. 

3. Process according to claim 1 characterised in that 
said set of instructions is used for controlling a re- 
mote installation of the software package within the 

55 devices. 

4. Process according to claim 3 characterised in that 

said set of instructions is used for controlling an ex- 
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ecutable file for extracting technical data stored 
within the BIOS and the registry of the computers 
within the Intranet, said technical data being com- 
piled in a text which is transmitted back to said serv- 
er via a HTTP or HTTPS request. 5 

5. Process according to claim 1 wherein said set of 
instructions includes an EXECUTE command for 
the purpose of executing a particular executable file 
located in a share resources, said EXECUTE com- 10 
mand having a first parameter defining the maxi- 
mum time allowed to the execution and a second 
parameter defining the file where a report of the ex- 
ecution has to be created. 

15 

6. Process according to claim 1 wherein said set of 
instructions includes a DOWNLOAD command 
used for controlling said Internet Control Agent to 
download files connected in shared resources on 

the network. 20 



of the router of the considered subnet, and using a 
PING for the purpose of discovering any active 
node within said subnet. 

12. Process according to claim 11 wherein said detec- 
tion of an active node is completed with a Simple 
Network Management Protocol (SNMP) for the pur- 
pose of determining the type of the device to be re- 
ported to said Web server. 



7. Process according to claim 1 wherein said set of 
instructions includes a SLEEP command for sched- 
uling the next execution of the Internet Control 
Agent for the purpose of the execution of a new set 25 
of commands or instructions. 



8. Process according to claim 1 wherein said set of 
instructions includes a AUTO-UPDATE command 
used for controlling the update of the kernel of said 30 
Internet Control Agent installed within the consid- 
ered device. 



9. Process according to claim 1 characterised in that 

the installation of said Internet Control Agent in said 35 
computers operating under NT type environment is 
carried out by means of a NT service under control 
of a NT service control manager. 



10. Process according to claim 9 wherein the installs- 40 
tion successively involves the step of: 



installing an executable file for controlling a lo- 
cal setup procedure under the control of the NT 
service control manager (SCM) and in accord- 45 
ance with the description contained within a de- 
scription file {package Jni) present on a shared 
resources; said executable file (pushservice. 
exe) receiving the format of a NT service; 
starting said executable file so as it becomes so 
availableto said computer as a service and per- 
mits the launching of a local setup procedure 
within said computer in accordance with the 
contents of said description file (package.ini). 

55 

11. Process according to claim 1 comprising a discov- 
ery mechanism based on the current IP address 
with a subnet mask being associated to the address 
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